From: dominick.grift@gmail.com (Dominick Grift) Date: Sun, 12 Aug 2012 17:21:28 +0200 Subject: [refpolicy] [PATCH v1 6/6] Use libexec location for postfix binaries In-Reply-To: <20120812164237.2e3273e3@george.anarkia> References: <1344711594-11687-1-git-send-email-sven.vermeulen@siphos.be> <1344711594-11687-7-git-send-email-sven.vermeulen@siphos.be> <20120811212754.2d5a29b7@george.anarkia> <1344765482.20817.6.camel@x220.mydomain.internal> <20120812164237.2e3273e3@george.anarkia> Message-ID: <1344784888.11236.1.camel@d30.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 2012-08-12 at 16:42 +0200, Mika Pfl?ger wrote: > Hi, > > Am Sun, 12 Aug 2012 11:58:02 +0200 > schrieb Dominick Grift : > > > On Sat, 2012-08-11 at 21:27 +0200, Mika Pfl?ger wrote: > > > Hi, > > > > > > Am Sat, 11 Aug 2012 20:59:54 +0200 > > > schrieb Sven Vermeulen : > > > > > > > Recent postfix releases have their binaries at /usr/libexec > > > > instead of /usr/lib. This patch removes the ifdef for > > > > distro_redhat since, even for distributions that would still have > > > > the old locations, having the definitions for the contexts loaded > > > > doesn't hurt. > > > > > > > > Add in a small blurb too to reflect the potential deprecation of > > > > said contexts. > > > > > > I think this is wrong. The FHS still does not contain anything > > > about /usr/libexec and consequently, debian doesn't have it. I am > > > not fully aware if this is handled by some /usr/libexec -> /usr/lib > > > build replacement magic for debian, if it is, then you are of > > > course right that the old definitions are not needed anymore and > > > might be removed some time. > > > > It doesnt really matter imho. If gentoo has the content now > > in /usr/libexec then we need to support both unconditionally. > > I was talking about the "small blurb to reflect the potential > deprecation of said contexts.", specifically the line > > +# Older location for postfix binaries, might be cleaned up in near \ > > future? > > from the patch. Sorry for the confusing citation of the whole > description. > > I am not at all opposed to have both contexts unconditionally - I just > don't want the /usr/lib contexts to go away in the near future with > debian then patching them conditionally in again. Oh right i agree, then i misunderstood, and yes the comment is not needed imho. > Cheers, > > Mika > > > > > > > Signed-off-by: Sven Vermeulen > > > > --- > > > > postfix.fc | 5 ++--- > > > > 1 files changed, 2 insertions(+), 3 deletions(-) > > > > > > > > diff --git a/postfix.fc b/postfix.fc > > > > index 90bf84e..6d61b82 100644 > > > > --- a/postfix.fc > > > > +++ b/postfix.fc > > > > @@ -1,6 +1,5 @@ > > > > # postfix > > > > /etc/postfix(/.*)? > > > > gen_context(system_u:object_r:postfix_etc_t,s0) > > > > -ifdef(`distro_redhat', ` /usr/libexec/postfix/.* -- > > > > gen_context(system_u:object_r:postfix_exec_t,s0) /usr/libexec/postfix/cleanup > > > > -- > > > > gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) /usr/libexec/postfix/lmtp > > > > -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) @@ > > > > -15,7 +14,7 @@ ifdef(`distro_redhat', > > > > ` /usr/libexec/postfix/bounce -- > > > > gen_context(system_u:object_r:postfix_bounce_exec_t,s0) /usr/libexec/postfix/pipe > > > > -- > > > > gen_context(system_u:object_r:postfix_pipe_exec_t,s0) /usr/libexec/postfix/virtual > > > > -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) > > > > -', ` +# Older location for postfix binaries, might be cleaned up > > > > in near future? /usr/lib/postfix/.* -- > > > > gen_context(system_u:object_r:postfix_exec_t,s0) /usr/lib/postfix/cleanup > > > > -- > > > > gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) /usr/lib/postfix/local -- > > > > gen_context(system_u:object_r:postfix_local_exec_t,s0) @@ -29,7 > > > > +28,7 @@ ifdef(`distro_redhat', > > > > ` /usr/lib/postfix/bounce -- > > > > gen_context(system_u:object_r:postfix_bounce_exec_t,s0) /usr/lib/postfix/pipe -- > > > > gen_context(system_u:object_r:postfix_pipe_exec_t,s0) /usr/lib/postfix/virtual > > > > -- > > > > gen_context(system_u:object_r:postfix_virtual_exec_t,s0) -') > > > > + /etc/postfix/postfix-script.* -- > > > > gen_context(system_u:object_r:postfix_exec_t,s0) /etc/postfix/prng_exch -- > > > > gen_context(system_u:object_r:postfix_prng_t,s0) /usr/sbin/postcat -- > > > > gen_context(system_u:object_r:postfix_master_exec_t,s0) > > > > > > > > > > > > _______________________________________________ > > > refpolicy mailing list > > > refpolicy at oss.tresys.com > > > http://oss.tresys.com/mailman/listinfo/refpolicy > > > > > > _______________________________________________ > > refpolicy mailing list > > refpolicy at oss.tresys.com > > http://oss.tresys.com/mailman/listinfo/refpolicy > > > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy